Architecture

The beauty of FSLogix Profile Containers and Office 365 Containers is the simplicity in approach that FSLogix has taken to solving the challenges of the end-user and administrator experiences.I like to refer to FSLogix’s approach as no-architecture or architecture-less. What I mean by this is that there are no components, other than the FSLogix agent, to implement in your environment. In this approach, FSLogix solutions are flexible and deployed practically anywhere, whether on-premises or in a public cloud.The FSLogix Containers architecture consists of:

The FSLogix agent – a single agent that provides all functionality. The agent is either deployed to physical PCs, virtual desktops or in a master image

Group Policy – centralised configuration with existing infrastructure

Storage – host FSLogix Containers on standard SMB-based storage. Be sure to match SMB versions between clients and server for best performance. Shared folders could be hosted on Windows Server or natively by an existing storage array.

That’s it! No additional management layers, no back-end, no database, no web tier. Deployed using the services you already own.

Storage

The most detailed considerations you may have will be for storage. Most partners and customers that I’ve spoken to are using tiered storage or all-flash arrays, so storage performance should be excellent. You may need to give more consideration for storage performance to Profile Containers (rather than Office 365 Containers), given the nature of Windows Profiles; however, FSLogix Profile Containers will assist in optimising storage performance for profiles.

Your storage layer should provide high availability, so disaster recovery will be something that to design for based on specific recovery requirements. In most cases, there’s no need to replicate the Office 365 Containers because they contain only a cache of data stored in Office 365. Profile Containers will have a more significant impact on the user experience if unavailable, so consider replications to a secondary data centre.

Preparing for Deployment

To prepare for deploying Profile Containers or Office 365 Containers, the primary process will be:

Create a secure shared folder to host the FSLogix Containers

Install the FSLogix agent into your master image

Create domain groups to allow targeting Containers to specific users

Create a Group Policy Object to configure the Profile Containers and Office 365 Containers Computer settings

Finally, you can deploy your master image and link the GPO to the OU containing your computer accounts.

Creating Secure Shares

A secure shared folder location for the FSLogix Containers is vital for ensuring least privilege. It’s likely you’re already doing this for home folders or user profiles.

If you want to take a shortcut, or are looking to automate the process, we have a script that you can use as a template, listed below. Use at your own risk, of course.

Install the FSLogix Agent

Install the agent via the simple Setup programme – the only options you’ll have to change are the product key or the installation folder. If you are installing an evaluation, use an evaluation key or leave the product key blank to enable the agent fully featured for 30 days.

For testing or evaluation, you could install in a stand-alone VM or a test image. Installing the agent will require a reboot.

Domain Groups

With the agent installed, local groups are created to enable the inclusion or exclusion of users for Profile Containers and Office 365 Containers. By default, the local FSLogix Include groups include Everyone, which will enable Containers for administrator accounts as well.

Via Group Policy, we’ll replace these memberships with new domain groups. The best method will be to remove Everyone and add the domain groups for the most straightforward configuration. Adding users or groups the local Exclude groups will increase complexity.

We recommend creating two groups to target each of the Container products – one for Profile Containers and the other for Office 365 Containers. Add users to these groups to enable the features on target desktops.

At a minimum, I want to enable Containers, configure a storage location and add the domain groups to the local machine groups.

The tables here lists the settings I’ve used in this scenario for an RDS or XenApp deployment on Windows Server 2012 R2 or above. Some settings such as Search Roaming and Virtual Disk type may need to be adjusted accordingly.

Path

Setting

Value

FSLogix

Enable search roaming

Multi-user search

FSLogix / Office 365 Containers

Enabled

Enabled

Include Office activation data in container

Enabled

Include OneDrive data in container

Enabled

Include OneNote data in container

Enabled

Include Outlook data in container

Enabled

Include Skype data in container

Enabled

Include Office activation data in container

Enabled

Set Outlook cached mode on successful container attach

Enabled

Store search database in Office 365 container

Enabled

VHD location

\\server\share\folder

Virtual disk type

VHDX

FSLogix / Profile Containers

Enabled

Enabled

VHD Location

\\server\share\folder

Delete local profile when FSLogix Profile should apply

Enabled

FSLogix / Profile Containers / Advanced

Redirect temporary file folders to local computer

Enabled

FSLogix / Profile Containers / Container and Directory Naming

Virtual disk type

VHDX

Local Groups

Local group membership is best managed through Group Policy Preferences. Here I’m ensuring the groups I created earlier are added to the local groups to enable targeting of the FSLogix features.

Managing FSLogix Local Groups with Group Policy

Deploy

Now that the individual components are configured, we can deploy the solution. The essential steps in a deployment process should be:

Add user accounts to the domain groups

Link the GPO to the correct target computer organisational unit

Deploy the updated master image

The FSLogix agent creates a Profile or Office 365 Container at user login. Viewing the user’s folder will then look similar to this:

My containers after logging into a published desktop a few times

With several user sessions having logged into my environment, I can see a folder for each user in my target share.

FSLogix Container share

Tips

It is important to understand that the FSLogix agent does not change the behaviour of applications – instead it enables applications to operate just as they do on a physical PC.

Want to trial FSLogix free and see how it can improve your business?

ABOUT AARON PARKER

A user experience guy first and foremost, Aaron is an experienced End User Computing Solutions Architect with a history delivering innovative end user projects to customers and organisations in APAC and the UK.

Awarded Citrix Technology Professional (2012-2016, 1 of 50 people worldwide), Microsoft Most Valuable Professional (2011-2016) and AppSense Community Contributor (since 2012) for community involvement and contributions with blogging and regular speaking at events including Citrix Synergy (US/EU), BriForum (US/EU), E2EVC and the UK Citrix User Group.